Dell 745 + WinXPSP3 Erratic Cursor/Mouse, not hardware??


  • This topic is locked
13 replies to this topic

#1 d33k

Posted 04 August 2011 - 12:12 PM

I've been tasked with resolving an issue that an IT department has been diagnosing at a customer location for several weeks now to no avail. Since this has been an on-going issue for so long, I will try to include everything I'm aware of. If I leave things out I'll add them as they come to me. The issue seems to be isolated to this single environment as we have near identical configurations, including hardware & software, in several locations (120~) across the US. As seen in the video (linked below) this issue occurs even before logging into the OS, so it seems to be service level?

I have remote access via LogMeIn to the server at this location, then I use VNC to connect to the workstation. This happens sporadically, and we're unable to replicate it at-will.

Here is a video I recorded with my iPhone; http://files.snapfizzle.com/vid/erratic-cursor.mov
7z @ http://files.snapfizzle.com/vid/erratic-cursor.7z (www.7-zip.org)

This computer is a Dell Optiplex 745 and serves as a POS station for our proprietary POS software.

Hardware we've replaced thus far;
-Computer (mini-tower)
-ELO touchscreen
-USB keyboard & mouse (also tried PS/2)
-Peripherals; receipt printer & cable (parallel), RS-232 IR dongle, USB magnetic card reader

Software solutions attempted;
-Disable mouse in DevMan (device manager)
-Unplug mouse & keyboard (ran without for a week)
-Disable touchscreen driver in DevMan
-Uninstall ELO touchscreen driver (ran without for a week)
-Reflash current Dell BIOS (2.4.6 dated 3/1/10)

3rd party software suites attempted;
-AdAware: Found something and quarantined it, unable to provide details as it's been deleted and thus removed from the active log.
-MBAM (MalwareBytes Anti-Malware): nothing found
-HJT (HijackThis): current log @ http://pastebin.com/1xtGwLMP // startup log @ http://pastebin.com/pe4hBx1x
-ComboFix: log @ http://pastebin.com/h55UVvxm
-Symantec Endpoint: nothing found, ever.
-cmd>tasklist /svc @ http://pastebin.com/sCAGbJV6
-new cmd>tasklist /svc @ http://pastebin.com/uc1yR4yN

Update 1: All workstations are identical, we've even taken a ghost image from POS1 and pushed it to this station (POS3). After finding the flaky hosts file on POS3, I of course cleared it out to the XP default. I then looked at all other workstations, and sure enough POS1 had the flaky hosts file as well, which I cleared.

For the record, POS1 has never exhibited this behavior.

Update 2: Every workstation has VNC installed as a server only and enabled (not NT authentication, just VNC auth).

The customer called and I took that video while using LogMeIn to access the server, then VNC to access the POS.

RDP is also enabled, and use of either of these items has no effect on the issue.

Update 3: The video card is an ATI x1300. We're using the latest video driver from Dell for the computer model (Optiplex 745). We have also tried the latest catalyst drivers from AMD/ATI.


Update 4: The odd entries in the hosts file were created by Spybot S&D so if malware was installed, it wouldn't be able to contact its server.

Update 5: Most recent occurrence 2011.08.04 @ 9:15am PT~.

Edited by hamluis, 04 August 2011 - 12:29 PM.
Moved from Am I Infected to Malware Removal Logs.



#2 HelpBot

Posted 11 August 2011 - 12:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/412846 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 d33k

Posted 11 August 2011 - 06:14 PM

Operating System: Windows XP SP3 32-bit

DDS 2011.08.11

GMER 2011.08.11

#4 d33k

Posted 12 August 2011 - 10:53 AM

Update: This issue occurs daily. The systems are powered up and this computer (POSTHREE) displays erratic cursor behavior. After being restarted 3-4 times, the issue stops.

#5 Elise

Posted 14 August 2011 - 10:43 AM

Hi, any indication that this is a malware issue? (This forum is used to remove malware, not primarily to resolve OS conflicts.)

First of all, you have two antivirus programs installed on this computer. It is possible that this causes the issues. Therefore either uninstall Lavasoft AdAware or Symantec antivirus.

After uninstalling one, let me know if you see any difference.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#6 d33k

Posted 22 August 2011 - 01:05 PM

Sorry about the delay, I am waiting for parts to refurbish some replacement computers. Once I have these systems replaced and the 'infected' ones in my possession, I will provide more information. I expect this to occur within the week.

#7 Elise

Posted 22 August 2011 - 02:16 PM

Okay, when you are ready, please see my previous post.

regards, Elise



#8 Elise

Posted 28 August 2011 - 04:20 AM

Hi, are you still there?

regards, Elise



#9 d33k

Posted 01 September 2011 - 06:01 PM

Yes, I am still here. The systems aren't in my possession yet. I should have them early next week.

#10 Elise

Posted 02 September 2011 - 04:50 AM

Okay, please keep me posted. :)

regards, Elise



#11 d33k

Posted 09 September 2011 - 07:27 PM

Tracked packages, will have them on Monday... will perform requested tasks and post information here. Ideally I'd like to have the issue reproduce itself here before taking correctional steps, because at this point we're not sure if this is something that someone is doing intentionally. Something that maybe we can't detect because we're not actually in their environment.

More info next week.

#12 Elise

Posted 10 September 2011 - 01:46 AM

Okay, please keep me informed.

regards, Elise



#13 Elise

Posted 20 September 2011 - 04:36 AM

Hi, are you still there?

regards, Elise



#14 Elise

Posted 09 October 2011 - 03:50 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise

